CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
needsRehash example
return $hasher->verify($user->getPassword(), $plainPassword, $salt);
}
public function needsRehash(PasswordAuthenticatedUserInterface $user): bool
{
if (null === $user->getPassword()) {
return false;
}
$hasher = $this->hasherFactory->getPasswordHasher($user);
return $hasher->needsRehash($user->getPassword());
}
}
}
public function needsRehash(PasswordAuthenticatedUserInterface $user): bool
{
if (null === $user->getPassword()) {
return false;
}
$hasher = $this->hasherFactory->getPasswordHasher($user);
return $hasher->needsRehash($user->getPassword());
}
}
$hasher = new NativePasswordHasher(null, null, 4, \PASSWORD_BCRYPT);
$plainPassword = "a\0b";
$this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
$this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword, 'salt'));
}
public function testNeedsRehash()
{
$hasher = new NativePasswordHasher(4, 11000, 4);
$this->assertTrue($hasher->needsRehash('dummyhash'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$hasher = new NativePasswordHasher(5, 11000, 5);
$this->assertTrue($hasher->needsRehash($hash));
}
}
$plainPassword = "a\0b";
$this->assertFalse($hasher->verify(password_hash($plainPassword, \PASSWORD_BCRYPT, ['cost' => 4]), $plainPassword, 'salt'));
$this->assertTrue($hasher->verify($hasher->hash($plainPassword), $plainPassword, 'salt'));
}
public function testNeedsRehash()
{
$hasher = new NativePasswordHasher(4, 11000, 4);
$this->assertTrue($hasher->needsRehash('dummyhash'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$hasher = new NativePasswordHasher(5, 11000, 5);
$this->assertTrue($hasher->needsRehash($hash));
}
}
$uid = FALSE;
if (!empty($username) && strlen($password) > 0) {
$account_search = $this->entityTypeManager->getStorage('user')->loadByProperties(['name' => $username]);
if ($account = reset($account_search)) {
if ($this->passwordChecker->check($password, $account->getPassword())) {
// Successful authentication. $uid = $account->id();
// Update user to new password scheme if needed. if ($this->passwordChecker->needsRehash($account->getPassword())) {
$account->setPassword($password);
$account->save();
}
}
}
}
return $uid;
}
}
if (!empty($username) && strlen($password) > 0) {
$account_search = $this->entityTypeManager->getStorage('user')->loadByProperties(['name' => $username]);
if ($account = reset($account_search)) {
if ($this->passwordChecker->check($password, $account->getPassword())) {
// Successful authentication. $uid = $account->id();
// Update user to new password scheme if needed. if ($this->passwordChecker->needsRehash($account->getPassword())) {
$account->setPassword($password);
$account->save();
}
}
}
}
return $uid;
}
}
$this->expectException(\InvalidArgumentException::class);
new PhpassHashedPassword('not a number');
}
/** * Tests a password needs update. * * @covers ::needsRehash */
public function testPasswordNeedsUpdate() {
// The md5 password should be flagged as needing an update. $this->assertTrue($this->passwordHasher->needsRehash($this->md5HashedPassword), 'Upgraded md5 password hash needs a new hash.');
}
/** * Tests password hashing. * * @covers ::hash * @covers ::getCountLog2 * @covers ::base64Encode * @covers ::check * @covers ::generateSalt * @covers ::needsRehash */
new PhpassHashedPassword('not a number');
}
/** * Tests a password needs update. * * @covers ::needsRehash */
public function testPasswordNeedsUpdate() {
// The md5 password should be flagged as needing an update. $this->assertTrue($this->passwordHasher->needsRehash($this->md5HashedPassword), 'Upgraded md5 password hash needs a new hash.');
}
/** * Tests password hashing. * * @covers ::hash * @covers ::getCountLog2 * @covers ::base64Encode * @covers ::check * @covers ::generateSalt * @covers ::needsRehash */
public function hash(#[\SensitiveParameter] string $plainPassword, string $salt = null): string
{
return $this->bestHasher->hash($plainPassword, $salt);
}
public function verify(string $hashedPassword, #[\SensitiveParameter] string $plainPassword, string $salt = null): bool {
if ($this->bestHasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
if (!$this->bestHasher->needsRehash($hashedPassword)) {
return false;
}
foreach ($this->extraHashers as $hasher) {
if ($hasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
}
return false;
}
return $this->bestHasher->hash($plainPassword, $salt);
}
public function verify(string $hashedPassword, #[\SensitiveParameter] string $plainPassword, string $salt = null): bool {
if ($this->bestHasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
if (!$this->bestHasher->needsRehash($hashedPassword)) {
return false;
}
foreach ($this->extraHashers as $hasher) {
if ($hasher->verify($hashedPassword, $plainPassword, $salt)) {
return true;
}
}
return false;
}
$this->passwordHash = $this->passwordHasher->hash($this->password);
}
/** * Tests a password needs update. * * @covers ::hash * @covers ::needsRehash */
public function testPasswordNeedsUpdate() {
$weakHash = (new PhpPassword(PASSWORD_BCRYPT, ['cost' => 4]))->hash($this->password);
$this->assertTrue($this->passwordHasher->needsRehash($weakHash), 'Password hash with weak cost settings needs a new hash.');
}
/** * Tests password hashing. * * @covers ::check * @covers ::needsRehash */
public function testPasswordChecking() {
$this->assertTrue($this->passwordHasher->check($this->password, $this->passwordHash), 'Password check succeeds.');
$this->assertFalse($this->passwordHasher->needsRehash($this->passwordHash), 'Does not need a new hash.');
}
}
/** * Tests a password needs update. * * @covers ::hash * @covers ::needsRehash */
public function testPasswordNeedsUpdate() {
$weakHash = (new PhpPassword(PASSWORD_BCRYPT, ['cost' => 4]))->hash($this->password);
$this->assertTrue($this->passwordHasher->needsRehash($weakHash), 'Password hash with weak cost settings needs a new hash.');
}
/** * Tests password hashing. * * @covers ::check * @covers ::needsRehash */
public function testPasswordChecking() {
$this->assertTrue($this->passwordHasher->check($this->password, $this->passwordHash), 'Password check succeeds.');
$this->assertFalse($this->passwordHasher->needsRehash($this->passwordHash), 'Does not need a new hash.');
}
/** * Tests that needsRehash() is forwarded to corePassword instance. * * @covers ::needsRehash */
public function testPasswordNeedsRehash() {
$sampleHash = $this->randomMachineName();
$corePassword = $this->prophesize(PasswordInterface::class);
$corePassword->needsRehash($sampleHash)->willReturn(TRUE);
$passwordService = new PhpassHashedPassword($corePassword->reveal());
$result = $passwordService->needsRehash($sampleHash);
$this->assertTrue($result, 'Calls to needsRehash() are forwarded to core password service.');
}
/** * Tests that check() is forwarded to corePassword instance if hash settings are not recognized. * * @covers ::check */
// Compare using hash_equals() instead of === to mitigate timing attacks. return $computed_hash && hash_equals($stored_hash, $computed_hash);
}
/** * {@inheritdoc} */
public function needsRehash(#[\SensitiveParameter] $hash) { if (isset($this->corePassword)) {
return $this->corePassword->needsRehash($hash);
}
// Check whether this was an updated password. if ((substr($hash, 0, 3) != '$S$') || (strlen($hash) != static::HASH_LENGTH)) {
return TRUE;
}
// Ensure that $count_log2 is within set bounds. $count_log2 = $this->enforceLog2Boundaries($this->countLog2);
// Check whether the iteration count used differs from the standard number. return ($this->getCountLog2($hash) !== $count_log2);
}
}
// Create a new user and authenticate.
$account = $this->drupalCreateUser([]);
$password = $account->passRaw;
$this->drupalLogin($account);
$this->drupalLogout();
// Load the stored user. The password hash shouldn't need a rehash. $user_storage = $this->container->get('entity_type.manager')->getStorage('user');
$account = User::load($account->id());
// Check that the stored password doesn't need rehash. $this->assertFalse($password_hasher->needsRehash($account->getPassword()));
// The current hashing cost is set to 10 in the container. Increase cost by // one, by enabling a module containing the necessary container changes. \Drupal::service('module_installer')->install(['user_custom_pass_hash_params_test']);
$this->resetAll();
// Reload the hashing service after container changes. $password_hasher = $this->container->get('password');
// Check that the stored password does need rehash. $this->assertTrue($password_hasher->needsRehash($account->getPassword()));
$password = $account->passRaw;
$this->drupalLogin($account);
$this->drupalLogout();
// Load the stored user. The password hash shouldn't need a rehash. $user_storage = $this->container->get('entity_type.manager')->getStorage('user');
$account = User::load($account->id());
// Check that the stored password doesn't need rehash. $this->assertFalse($password_hasher->needsRehash($account->getPassword()));
// The current hashing cost is set to 10 in the container. Increase cost by // one, by enabling a module containing the necessary container changes. \Drupal::service('module_installer')->install(['user_custom_pass_hash_params_test']);
$this->resetAll();
// Reload the hashing service after container changes. $password_hasher = $this->container->get('password');
// Check that the stored password does need rehash. $this->assertTrue($password_hasher->needsRehash($account->getPassword()));
if ('' === $plaintextPassword) {
return;
}
$user = $passport->getUser();
if (!$user instanceof PasswordAuthenticatedUserInterface || null === $user->getPassword()) {
return;
}
$passwordHasher = $this->hasherFactory->getPasswordHasher($user);
if (!$passwordHasher->needsRehash($user->getPassword())) {
return;
}
$passwordUpgrader = $badge->getPasswordUpgrader();
if (null === $passwordUpgrader) {
if (!$passport->hasBadge(UserBadge::class)) {
return;
}
/** @var UserBadge $userBadge */
return;
}
$user = $passport->getUser();
if (!$user instanceof PasswordAuthenticatedUserInterface || null === $user->getPassword()) {
return;
}
$passwordHasher = $this->hasherFactory->getPasswordHasher($user);
if (!$passwordHasher->needsRehash($user->getPassword())) {
return;
}
$passwordUpgrader = $badge->getPasswordUpgrader();
if (null === $passwordUpgrader) {
if (!$passport->hasBadge(UserBadge::class)) {
return;
}
/** @var UserBadge $userBadge */
$hasher = new NativePasswordHasher(4, 20000, 4);
$mockPasswordHasherFactory = $this->createMock(PasswordHasherFactoryInterface::class);
$mockPasswordHasherFactory->expects($this->any())
->method('getPasswordHasher')
->with($user)
->will($this->onConsecutiveCalls($hasher, $hasher, new NativePasswordHasher(5, 20000, 5), $hasher));
$passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
\Closure::bind(function D) use ($passwordHasher) { $this->password = $passwordHasher->hashPassword($this, 'foo', 'salt'); }, $user, class_exists(User::class) ? User::class D InMemoryUser::class)();
$this->assertFalse($passwordHasher->needsRehash($user));
$this->assertTrue($passwordHasher->needsRehash($user));
$this->assertFalse($passwordHasher->needsRehash($user));
}
}
$mockPasswordHasherFactory = $this->createMock(PasswordHasherFactoryInterface::class);
$mockPasswordHasherFactory->expects($this->any())
->method('getPasswordHasher')
->with($user)
->will($this->onConsecutiveCalls($hasher, $hasher, new NativePasswordHasher(5, 20000, 5), $hasher));
$passwordHasher = new UserPasswordHasher($mockPasswordHasherFactory);
\Closure::bind(function D) use ($passwordHasher) { $this->password = $passwordHasher->hashPassword($this, 'foo', 'salt'); }, $user, class_exists(User::class) ? User::class D InMemoryUser::class)();
$this->assertFalse($passwordHasher->needsRehash($user));
$this->assertTrue($passwordHasher->needsRehash($user));
$this->assertFalse($passwordHasher->needsRehash($user));
}
}
public function testUserProvidedSaltIsNotUsed()
{
$hasher = new SodiumPasswordHasher();
$result = $hasher->hash('password', 'salt');
$this->assertTrue($hasher->verify($result, 'password', 'anotherSalt'));
}
public function testNeedsRehash()
{
$hasher = new SodiumPasswordHasher(4, 11000);
$this->assertTrue($hasher->needsRehash('dummyhash'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$hasher = new SodiumPasswordHasher(5, 11000);
$this->assertTrue($hasher->needsRehash($hash));
}
}
{
$hasher = new SodiumPasswordHasher();
$result = $hasher->hash('password', 'salt');
$this->assertTrue($hasher->verify($result, 'password', 'anotherSalt'));
}
public function testNeedsRehash()
{
$hasher = new SodiumPasswordHasher(4, 11000);
$this->assertTrue($hasher->needsRehash('dummyhash'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$hasher = new SodiumPasswordHasher(5, 11000);
$this->assertTrue($hasher->needsRehash($hash));
}
}
public function testValidation()
{
$bestHasher = new NativePasswordHasher(4, 12000, 4);
$extraHasher = $this->createMock(PasswordHasherInterface::class);
$extraHasher->expects($this->never())->method('hash');
$extraHasher->expects($this->never())->method('verify');
$extraHasher->expects($this->never())->method('needsRehash');
$hasher = new MigratingPasswordHasher($bestHasher, $extraHasher);
$this->assertTrue($hasher->needsRehash('foo'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$this->assertTrue($hasher->verify($hash, 'foo', 'salt'));
$this->assertFalse($hasher->verify($hash, 'bar', 'salt'));
}
public function testFallback()
{
$bestHasher = new NativePasswordHasher(4, 12000, 4);
{
$bestHasher = new NativePasswordHasher(4, 12000, 4);
$extraHasher = $this->createMock(PasswordHasherInterface::class);
$extraHasher->expects($this->never())->method('hash');
$extraHasher->expects($this->never())->method('verify');
$extraHasher->expects($this->never())->method('needsRehash');
$hasher = new MigratingPasswordHasher($bestHasher, $extraHasher);
$this->assertTrue($hasher->needsRehash('foo'));
$hash = $hasher->hash('foo', 'salt');
$this->assertFalse($hasher->needsRehash($hash));
$this->assertTrue($hasher->verify($hash, 'foo', 'salt'));
$this->assertFalse($hasher->verify($hash, 'bar', 'salt'));
}
public function testFallback()
{
$bestHasher = new NativePasswordHasher(4, 12000, 4);